{"vulnerability": "CVE-2025-2631", "sightings": [{"uuid": "6eca92f7-be47-4a1d-a379-61295eb96554", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26312", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkei5xfcqx24", "content": "", "creation_timestamp": "2025-03-14T20:46:22.968918Z"}, {"uuid": "631ec990-2fb8-4767-928d-8fd927ec1e17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26318", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3ljo6s5p4s42q", "content": "", "creation_timestamp": "2025-03-06T00:00:07.685480Z"}, {"uuid": "5bf4e106-1d49-40b7-8e0f-1752f71aed45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26319", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lk33toas5s2i", "content": "", "creation_timestamp": "2025-03-11T03:11:54.256612Z"}, {"uuid": "b9d24268-d58c-4bc9-b408-a96685ea6c55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26319", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3ljo6s5vk242f", "content": "", "creation_timestamp": "2025-03-06T00:00:08.274488Z"}, {"uuid": "0e3bb99f-d130-424e-8501-c424cfd25464", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26311", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lin66yomuf23", "content": "", "creation_timestamp": "2025-02-20T20:51:32.234084Z"}, {"uuid": "1892df6d-a7ce-4306-af64-1d872749337e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26310", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lin66z7nhw2s", "content": "", "creation_timestamp": "2025-02-20T20:51:33.800352Z"}, {"uuid": "e3a57ba6-4213-4355-97f8-f6b5a42d4594", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26319", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lkbyl7nipa2s", "content": "", "creation_timestamp": "2025-03-13T21:02:13.102554Z"}, {"uuid": "9851cddd-8b8a-4d79-80a8-b4e68e4c1ef3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26319", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-26319.yaml", "content": "", "creation_timestamp": "2025-03-12T04:08:57.000000Z"}, {"uuid": "15a54c40-8c7d-4910-9502-899998e284d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2631", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-06", "content": "", "creation_timestamp": "2025-04-15T10:00:00.000000Z"}, {"uuid": "e7b28a03-25ea-4b60-8c02-061a467f5a4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2631", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmg5uth6kb2r", "content": "", "creation_timestamp": "2025-04-09T23:37:59.581276Z"}, {"uuid": "9a04d830-ca55-4d79-a7bd-f3c3084bc633", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26319", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-06-24)", "content": "", "creation_timestamp": "2025-06-24T00:00:00.000000Z"}, {"uuid": "7f25cc4f-c3b0-4237-8bfc-43835555576f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26319", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3llrrgnlwaq25", "content": "", "creation_timestamp": "2025-04-01T21:02:05.411516Z"}, {"uuid": "3cd21ba6-5c2d-46d0-a086-4429dac8a737", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26319", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-02-15)", "content": "", "creation_timestamp": "2026-02-15T00:00:00.000000Z"}, {"uuid": "92746748-90b9-42c7-b603-eadb4908cd10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26319", "type": "seen", "source": "https://bsky.app/profile/bolhasec.com/post/3lnxlwyatgd2d", "content": "", "creation_timestamp": "2025-04-29T15:30:13.304369Z"}, {"uuid": "71082c5c-f2f3-439c-82a1-d5eaafaad55c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26319", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-01)", "content": "", "creation_timestamp": "2025-11-01T00:00:00.000000Z"}, {"uuid": "6aa76e32-1ea8-41c7-ada8-d586208d52a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26319", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-10-05)", "content": "", "creation_timestamp": "2025-10-05T00:00:00.000000Z"}, {"uuid": "36d8ae0d-2bec-4c1a-b4b5-045977be514c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26319", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-08-20)", "content": "", "creation_timestamp": "2025-08-20T00:00:00.000000Z"}, {"uuid": "89068491-c193-44d9-9aae-f74132c27b91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26319", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-05-31)", "content": "", "creation_timestamp": "2025-05-31T00:00:00.000000Z"}, {"uuid": "be2f50a6-daa9-4549-9df8-46f0cfa4fd4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26310", "type": "seen", "source": "https://t.me/cvedetector/18564", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26310 - Ming File Parsing Memory Leak Denial of Service\", \n  \"Content\": \"CVE ID : CVE-2025-26310 \nPublished : Feb. 20, 2025, 5:15 p.m. | 16\u00a0minutes ago \nDescription : Multiple memory leaks have been identified in the ABC file parsing functions (parseABC_CONSTANT_POOL and `parseABC_FILE) in util/parser.c of libming v0.4.8, which allow attackers to cause a denial of service via a crafted ABC file. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-20T19:00:31.000000Z"}, {"uuid": "e267d5f7-d128-455f-92b4-9cb7ba9ade13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26318", "type": "seen", "source": "https://t.me/cvedetector/19554", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26318 - TSplus Remote Access Domain Account Disclosure\", \n  \"Content\": \"CVE ID : CVE-2025-26318 \nPublished : March 4, 2025, 9:15 p.m. | 1\u00a0hour, 34\u00a0minutes ago \nDescription : Insecure permissions in TSplus Remote Access v17.30 allow attackers to retrieve a list of all domain accounts currently connected to the application. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-05T00:12:48.000000Z"}, {"uuid": "5968776a-36f1-4b72-a7b6-77ddc2819879", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26319", "type": "seen", "source": "https://t.me/cvedetector/19551", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26319 - FlowiseAI Flowise File Upload Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-26319 \nPublished : March 4, 2025, 10:15 p.m. | 34\u00a0minutes ago \nDescription : FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-05T00:12:43.000000Z"}, {"uuid": "67082de3-3472-4122-8854-f768fb12365c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26319", "type": "exploited", "source": "https://t.me/true_secator/8076", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 VulnCheck \u0441\u043e\u043e\u0431\u0449\u0430\u044e\u0442 \u043e\u0431 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0441 \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u043c \u0443\u0440\u043e\u0432\u043d\u0435\u043c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0432\u00a0Flowise, \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 \u0418\u0418 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0439 \u0440\u044f\u0434\u043e\u043c \u043a\u0440\u0443\u043f\u043d\u044b\u0445 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0446\u0438\u0439.\n\n\u0420\u0435\u0447\u044c \u0438\u0434\u0435\u0442 \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2025-59528 (CVSS: 10.0), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u043c\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430.\n\n\u0423\u0437\u0435\u043b CustomMCP \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0432\u0432\u043e\u0434\u0438\u0442\u044c \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0434\u043b\u044f \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u043a \u0432\u043d\u0435\u0448\u043d\u0435\u043c\u0443 \u0441\u0435\u0440\u0432\u0435\u0440\u0443 MCP, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0430\u043d\u0430\u043b\u0438\u0437\u0438\u0440\u0443\u0435\u0442 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u0443\u044e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c \u0441\u0442\u0440\u043e\u043a\u0443 mcpServerConfig \u0434\u043b\u044f \u043f\u043e\u0441\u0442\u0440\u043e\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u0430.\n\n\u041e\u0434\u043d\u0430\u043a\u043e \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u044d\u0442\u043e\u0433\u043e \u043e\u043d \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442 \u043a\u043e\u0434 JavaScript \u0431\u0435\u0437 \u043a\u0430\u043a\u043e\u0439-\u043b\u0438\u0431\u043e \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\n\nFlowise \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0430, \u0447\u0442\u043e \u0443\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043e\u043f\u0430\u0441\u043d\u044b\u043c \u043c\u043e\u0434\u0443\u043b\u044f\u043c, \u0442\u0430\u043a\u0438\u043c \u043a\u0430\u043a child_process (\u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u043c\u0430\u043d\u0434) \u0438 fs (\u0444\u0430\u0439\u043b\u043e\u0432\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430), \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043e\u043d \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0441 \u043f\u043e\u043b\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u0441\u0440\u0435\u0434\u044b \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f Node.js.\n\n\u0418\u043d\u044b\u043c\u0438 \u0441\u043b\u043e\u0432\u0430\u043c\u0438, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0439 \u044d\u0442\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043c\u043e\u0436\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 JavaScript \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 Flowise, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u0435\u0434\u0435\u0442 \u043a \u043f\u043e\u043b\u043d\u043e\u0439 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u0434\u043e\u0441\u0442\u0443\u043f\u0443 \u043a \u0444\u0430\u0439\u043b\u043e\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435, \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u043c\u0430\u043d\u0434 \u0438 \u0443\u0442\u0435\u0447\u043a\u0435 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u041a\u0430\u043a \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0438 \u0432 Flowise, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u0442\u043e\u043a\u0435\u043d API, \u044d\u0442\u043e \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u0447\u0440\u0435\u0437\u0432\u044b\u0447\u0430\u0439\u043d\u0443\u044e \u0443\u0433\u0440\u043e\u0437\u0443 \u0434\u043b\u044f \u043d\u0435\u043f\u0440\u0435\u0440\u044b\u0432\u043d\u043e\u0441\u0442\u0438 \u0431\u0438\u0437\u043d\u0435\u0441\u0430 \u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432. \u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0432\u044b\u0440\u0430\u0437\u0438\u043b\u0430 \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u043d\u043e\u0441\u0442\u044c \u041a\u0438\u043c \u0421\u0443 \u0425\u0451\u043d \u0437\u0430 \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u0435 \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438. \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0431\u044b\u043b\u0430 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 3.0.6 \u043f\u0430\u043a\u0435\u0442\u0430 npm.\n\n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u0434\u0430\u043d\u043d\u044b\u043c VulnCheck, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u043b\u0430\u0441\u044c \u0441 \u043e\u0434\u043d\u043e\u0433\u043e IP-\u0430\u0434\u0440\u0435\u0441\u0430 Starlink.\n\nCVE-2025-59528 - \u044d\u0442\u043e \u0443\u0436\u0435 \u0442\u0440\u0435\u0442\u044c\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Flowise, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u0430\u044f \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445, \u043f\u043e\u0441\u043b\u0435 CVE-2025-8943 (CVSS: 9,8), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0435\u0439 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u041e\u0421, \u0438 CVE-2025-26319 (CVSS: 8,9), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0435\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0442\u044c \u0444\u0430\u0439\u043b\u044b.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0430 \u0431\u043e\u043b\u0435\u0435 \u0448\u0435\u0441\u0442\u0438 \u043c\u0435\u0441\u044f\u0446\u0435\u0432, \u0430 \u044d\u0442\u043e \u0437\u043d\u0430\u0447\u0438\u0442, \u0447\u0442\u043e \u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0431\u044b\u043b\u043e \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u043c\u043d\u043e\u0433\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438, \u0447\u0442\u043e\u0431\u044b \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0438\u0442\u044c \u043f\u0440\u0438\u043e\u0440\u0438\u0442\u0435\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u0442\u044c \u0435\u0435.\n\n\u041a \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u043c\u0443 \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u043f\u043b\u043e\u0449\u0430\u0434\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u043f\u043e\u0432\u0435\u0440\u0445\u043d\u043e\u0441\u0442\u0438, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0439 \u0438\u0437 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0430, \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0431\u043e\u043b\u0435\u0435 12 000 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u0445 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432, \u0447\u0442\u043e Flowise \u043a\u0440\u0430\u0439\u043d\u0435 \u0432\u043e\u0441\u0442\u0440\u0435\u0431\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0446\u0435\u043b\u044c\u044e \u0434\u043b\u044f \u043a\u0438\u0431\u0435\u0440\u043f\u043e\u0434\u043f\u043e\u043b\u044c\u044f, \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u0442\u0435\u043b\u0438 \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e \u0443\u0436\u0435 \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u043d\u0438\u043c\u0430\u044e\u0442 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438.", "creation_timestamp": "2026-04-07T18:20:05.000000Z"}, {"uuid": "123cdbc6-7086-4371-be88-f10fb83481e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26311", "type": "seen", "source": "https://t.me/cvedetector/18557", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26311 - Libming Denial of Service Memory Leak\", \n  \"Content\": \"CVE ID : CVE-2025-26311 \nPublished : Feb. 20, 2025, 5:15 p.m. | 16\u00a0minutes ago \nDescription : Multiple memory leaks have been identified in the clip actions parsing functions (parseSWF_CLIPACTIONS and parseSWF_CLIPACTIONRECORD) in util/parser.c of libming v0.4.8, which allow attackers to cause a denial of service via a crafted SWF file. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-20T19:00:22.000000Z"}, {"uuid": "b539c1df-d41b-4aae-91ec-f72c50b63c24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26318", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6446", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26318\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Insecure permissions in TSplus Remote Access v17.30 allow attackers to retrieve a list of all domain accounts currently connected to the application.\n\ud83d\udccf Published: 2025-03-04T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-04T21:07:42.487Z\n\ud83d\udd17 References:\n1. https://github.com/Frozenka/CVE-2025-26318", "creation_timestamp": "2025-03-04T21:35:58.000000Z"}, {"uuid": "4a7ad05e-7d38-443e-8062-2eaa2d55b56d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26311", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4809", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26311\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Multiple memory leaks have been identified in the clip actions parsing functions (parseSWF_CLIPACTIONS and parseSWF_CLIPACTIONRECORD) in util/parser.c of libming v0.4.8, which allow attackers to cause a denial of service via a crafted SWF file.\n\ud83d\udccf Published: 2025-02-20T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-20T21:06:28.424Z\n\ud83d\udd17 References:\n1. https://github.com/libming/libming/issues/329", "creation_timestamp": "2025-02-20T21:17:40.000000Z"}, {"uuid": "20daee83-c4a0-4299-b545-786150248b77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26319", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6444", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26319\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments.\n\ud83d\udccf Published: 2025-03-04T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-04T21:10:27.297Z\n\ud83d\udd17 References:\n1. https://github.com/dorattias/CVE-2025-26319", "creation_timestamp": "2025-03-04T21:35:56.000000Z"}, {"uuid": "7017be4a-f38d-4a11-9fa9-42f5d16972a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2631", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11142", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2631\n\ud83d\udd25 CVSS Score: 7.8 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW in InitCPUInformation() that may result in information disclosure or arbitrary code execution.  Successful exploitation requires an attacker to get a user to open a specially crafted VI.  This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.\n\ud83d\udccf Published: 2025-04-09T19:10:22.077Z\n\ud83d\udccf Modified: 2025-04-09T19:32:46.740Z\n\ud83d\udd17 References:\n1. https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-vulnerabilities-in-ni-labview.html", "creation_timestamp": "2025-04-09T19:48:14.000000Z"}, {"uuid": "a469a0e9-277f-469f-a7ad-92b6a509646d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26312", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7609", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26312\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: SendQuick Entera devices before 11HF5 are vulnerable to CAPTCHA bypass via the captcha parameter\n\ud83d\udccf Published: 2025-03-14T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-14T17:22:57.053Z\n\ud83d\udd17 References:\n1. http://sendquick.com\n2. https://medium.com/@retro.metro/cve-2025-26312-captcha-bypass-vulnerability-in-sendquick-entera-devices-68708e203216", "creation_timestamp": "2025-03-14T17:48:54.000000Z"}, {"uuid": "096ec1c9-b024-4bb4-8013-4317bd334ad0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26318", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/16006", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aPOC CVE-2025-26318\nURL\uff1ahttps://github.com/Frozenka/CVE-2025-26318\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-02-28T09:03:40.000000Z"}, {"uuid": "927b9413-fde5-4161-a724-194ecf7ec29e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26319", "type": "seen", "source": "https://t.me/cybersecplayground/132", "content": "\ud83d\udea8 Security Alert: CVE-2025-26319 \ud83d\udea8\n\n\ud83d\udd25 Arbitrary File Upload  in Flowise (v2.5) \u2013 CVSS 9.8 Critical\n\n\ud83d\udccc What\u2019s the risk?\nA pre-authenticated arbitrary file upload vulnerability in FlowiseAI Flowise v2.5 allows attackers to upload malicious files, potentially leading to remote code execution (RCE) and server compromise.\n\n\ud83d\udd0d Key Details:\n\n\ud83d\udccc Affected Version: FlowiseAI Flowise v2.5\n\ud83d\udea8 Risk: Unauthenticated attackers can upload malicious files, leading to full system compromise\n\n\u26a0\ufe0f No Patch Available Yet\n\n\ud83d\udcbb HUNTER Query:product.name=\"Flowise\"\n\n\ud83d\udd17 Hunter Link\n\n\ud83d\udd14 Action Required:\n\u2705 If you\u2019re using Flowise v2.5, apply mitigations immediately!\n\u2705 Restrict file uploads and monitor for suspicious activities\n\u2705 Check if your instance is exposed using Netlas.io\n\n\ud83d\udd34 Stay ahead in cybersecurity \u2013 Join us!\n\ud83d\udd17 @cybersecplayground for real-time updates.\n\n#Flowise #hunterhow #infosec #infosecurity #OSINT #Vulnerability \ud83d\udea8", "creation_timestamp": "2025-03-13T08:38:36.000000Z"}, {"uuid": "0ebf8452-8809-42be-909b-2f4a305e790e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26312", "type": "seen", "source": "https://t.me/cvedetector/20332", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26312 - SendQuick Entera CAPTCHA Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-26312 \nPublished : March 14, 2025, 6:15 p.m. | 1\u00a0hour, 21\u00a0minutes ago \nDescription : SendQuick Entera devices before 11HF5 are vulnerable to CAPTCHA bypass via the captcha parameter \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-14T20:53:42.000000Z"}, {"uuid": "de56f07f-ac32-4045-a4b2-c47a535d5750", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2631", "type": "seen", "source": "https://t.me/cvedetector/22599", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2631 - NI LabVIEW Out-of-Bounds Write Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2631 \nPublished : April 9, 2025, 8:15 p.m. | 24\u00a0minutes ago \nDescription : Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW in InitCPUInformation() that may result in information disclosure or arbitrary code execution.  Successful exploitation requires an attacker to get a user to open a specially crafted VI.  This vulnerability affects NI LabVIEW 2025 Q1 and prior versions. \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-09T23:28:15.000000Z"}, {"uuid": "28f282d6-45f3-4ee7-b203-a75559fa05b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26319", "type": "seen", "source": "Telegram/7gVxhzaV21xo6Yceuj-_jpTV3e9GH4ngQsSA_3q7vypJdYQ", "content": "", "creation_timestamp": "2025-03-13T20:50:55.000000Z"}, {"uuid": "899693a6-cd8b-4a1a-8951-a0e5287664ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26319", "type": "published-proof-of-concept", "source": "Telegram/8yZyRTYv3K4cTYzSdaVvgO13wYslC7D_t5C4gF6dHB6V7jQ", "content": "", "creation_timestamp": "2025-03-13T12:00:27.000000Z"}, {"uuid": "ba6069b5-cf68-48c7-aa37-fae1ca8a428a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26319", "type": "seen", "source": "Telegram/mtd2WnkOR7BxRDsUyy5ECnYa-TFyhFpbfOdiyDiG1eJ4_ow", "content": "", "creation_timestamp": "2025-03-13T09:33:08.000000Z"}, {"uuid": "882f30f8-64b0-48b0-8959-4bdb4541526e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26319", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-29)", "content": "", "creation_timestamp": "2026-04-29T00:00:00.000000Z"}, {"uuid": "6d80fa40-006b-4404-8f1f-093bd7d15828", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26319", "type": "seen", "source": "https://t.me/proxy_bar/2542", "content": "CVE-2025-26319 \n*\nFlowise Open-Source Platform \nCVSS 9.8", "creation_timestamp": "2025-03-13T19:18:42.000000Z"}]}